#!/bin/sh
########################################################################
# Begin iptables
#
# Description : Start iptables
#
# Authors     : Ken Moffat - ken@linuxfromscratch.org
#               Bruce Dubbs - bdubbs@linuxfromscratch.org
#
# Version     : BLFS 7.0
#
########################################################################

### BEGIN INIT INFO
# Provides:          iptables
# Required-Start:    $syslog
# Should-Start:
# Required-Stop:
# Should-Stop:
# Default-Start:     3 4 5
# Default-Stop:     
# Short-Description: Loads iptables rules.
# Description:       Iptables provides firewall for Linux systems.
# X-LFS-Provided-By: BLFS
### END INIT INFO

. /lib/lsb/init-functions

#$LastChangedBy: dj $
#$Date: 2019-09-08 13:50:13 -0500 (Sun, 08 Sep 2019) $

case "$1" in
    start)
        if [ -x /etc/rc.d/rc.iptables ]; then
          log_info_msg "Starting iptables..."
          /etc/rc.d/rc.iptables
          evaluate_retval
        fi
        ;;

    lock)
        log_info_msg "Locking system iptables firewall..."
        /sbin/iptables --policy INPUT   DROP
        /sbin/iptables --policy OUTPUT  DROP
        /sbin/iptables --policy FORWARD DROP
        /sbin/iptables           --flush
        /sbin/iptables -t nat    --flush
        /sbin/iptables -t mangle --flush
        /sbin/iptables           --delete-chain
        /sbin/iptables -t nat    --delete-chain
        /sbin/iptables -t mangle --delete-chain
        /sbin/iptables -A INPUT  -i lo -j ACCEPT
        /sbin/iptables -A OUTPUT -o lo -j ACCEPT
        evaluate_retval
        ;;

    clear)
        log_info_msg "Clearing system iptables iptables..."
        /sbin/iptables --policy INPUT   ACCEPT
        /sbin/iptables --policy OUTPUT  ACCEPT
        /sbin/iptables --policy FORWARD ACCEPT
        /sbin/iptables           --flush
        /sbin/iptables -t nat    --flush
        /sbin/iptables -t mangle --flush
        /sbin/iptables           --delete-chain
        /sbin/iptables -t nat    --delete-chain
        /sbin/iptables -t mangle --delete-chain
        evaluate_retval
        ;;

    status)
        /sbin/iptables           --numeric --list
        /sbin/iptables -t nat    --numeric --list
        /sbin/iptables -t mangle --numeric --list
        ;;
    restart)
        #iptables -F PSAD_BLOCK_INPUT -w
        #iptables -F PSAD_BLOCK_OUTPUT -w
        #iptables -F PSAD_BLOCK_FORWARD -w
        #iptables -F sshguard -w



    	/etc/init.d/iptables clear
    	/etc/init.d/iptables start
        #/etc/init.d/psad restart
        #/etc/init.d/sshguard restart
     ;;
    *)
        echo "Usage: $0 {start|clear|lock|status|restart}"
        exit 1
        ;;
esac

# End /etc/init.d/iptables

